Internet of Things (IoT) devices may be fixed-function, relatively low cost devices with limited security capabilities. In addition, IoT devices may typically include sensors to sense environmental conditions. The data collected by IoT devices may, however, be aggregated or mined to reveal information that an owner of the IoT device may wish to keep private. For example, a globally unique identifier (GUID) used to identify an IoT device may correlate transactions involving use of the IoT device in a variety of applications or contexts. Thus, a thermostat may legitimately feed information to a first vendor (e.g., limited details) and a second vendor (e.g., full usage details), wherein the first vendor may collude with the second vendor to obtain more information (e.g., full usage details) using the GUID to obtain private information or to data mine.
In addition, GUIDs may be easily replayed, stored, and reused by any entity where the GUIDs are observed. For example, a counterfeit entity may hijack a GUID to masquerade as an IoT device and maliciously receive information from other entities, assume access rights to other entities, gain security keys, introduce content, and so on. Moreover, IoT environments may include a relatively large number of IoT devices where any/all participants may be privy to the GUID of any other IoT device. Thus, each IoT device may pose a security threat. In addition, an IoT device having the least amount of security hardening may relatively increase such security risks by being easily compromised to feed information regarding other IoT devices, which may in turn serve as attack points due to differing vulnerabilities.